[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Window's O/S
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Window's O/S
- From: "Haaland, Vegar Linge" <Vegar.Linge.Haaland@xxxxxxxxxxx>
- Date: Thu, 24 Nov 2005 13:13:11 +0100
Ok, the first one it will open (if you have, let's say: notepad and
notepad.exe) is notepad.exe
I tried a couple of stuff and here's my notes:) :
The folde could be named notepad.exe notepad notepad.cmd or notepad.bat
I also successfully got it to start cmd.exe by copying a copy of cmd to
the desktop folder, and rename it to notepad.exe :)
I'll bet there's tons of stuff we could make this bug do :D
(Worked on Windows XP sp2)
(btw, sorry about my English.. :S)
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of
indianz@xxxxxxxxxx
Sent: 24. november 2005 12:44
To: pagvac
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Window's O/S
Importance: High
Hi there
same effect under german windows xp sp2... i'm not really a windows
guru, but i think, this has to do with some pre-defined windows and
internet explorer search-paths.
when you enter an url in internet explorer, and have a cd-rom in the
drive, it will move the cd-rom (searching for something?). weird!
GreetZ from IndianZ
> OK, so here is where creativity kicks in.
>
> Anyone has any interesting ideas for exploiting this bug as an attack
> vector?
>
> On 11/24/05, Sibillano Fabio <Fabio.Sibillano@xxxxxxxxxxxxxx> wrote:
>>
>> > Confirmed on Windows XP SP2 (English Version).
>>
>> Italian version too...
>>
>> weird!
>>
>>
>>
>>
>> The information contained in this e-mail may be privileged,
>> confidential, and protected from disclosure. If you are not the
>> intended recipient, you are hereby notified that any dissemination,
>> distribution or duplication of this communication is strictly
>> prohibited. If you have received this communication in error, please
>> notify the sender immediately and delete all copies .
>>
>>
>>
>
>
> --
> pagvac (Adrian Pastor)
> www.ikwt.com - In Knowledge We Trust
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
GreetZ from IndianZ
mailto:indianz@xxxxxxxxxx
http://www.indianz.ch
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/